Network Working Group A. Yourtchenko
Internet-Draft P. Aitken
Intended status: Informational B. Claise
Expires: August 29, 2013 Cisco Systems, Inc.
February 25, 2013
Cisco Specific Information Elements reused in IPFIX
draft-yourtchenko-cisco-ies-05
Abstract
This document describes some additional Information Elements of Cisco
Systems, Inc. that are not listed in RFC3954.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on August 29, 2013.
Copyright Notice
Copyright (c) 2013 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Yourtchenko, et al. Expires August 29, 2013 [Page 1]
Internet-Draft Cisco Information Elements February 2013
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Information Elements Overview . . . . . . . . . . . . . . . . 3
4. Information Elements . . . . . . . . . . . . . . . . . . . . . 4
4.1. deltaFlowCount . . . . . . . . . . . . . . . . . . . . . . 4
4.2. samplingInterval . . . . . . . . . . . . . . . . . . . . . 4
4.3. samplingAlgorithm . . . . . . . . . . . . . . . . . . . . 4
4.4. engineType . . . . . . . . . . . . . . . . . . . . . . . . 5
4.5. engineId . . . . . . . . . . . . . . . . . . . . . . . . . 5
4.6. ipv4RouterSc . . . . . . . . . . . . . . . . . . . . . . . 5
4.7. samplerId . . . . . . . . . . . . . . . . . . . . . . . . 5
4.8. samplerMode . . . . . . . . . . . . . . . . . . . . . . . 6
4.9. samplerRandomInterval . . . . . . . . . . . . . . . . . . 6
4.10. classId . . . . . . . . . . . . . . . . . . . . . . . . . 6
4.11. samplerName . . . . . . . . . . . . . . . . . . . . . . . 6
4.12. flagsAndSamplerId . . . . . . . . . . . . . . . . . . . . 7
4.13. forwardingStatus . . . . . . . . . . . . . . . . . . . . . 7
4.14. srcTrafficIndex . . . . . . . . . . . . . . . . . . . . . 8
4.15. dstTrafficIndex . . . . . . . . . . . . . . . . . . . . . 9
4.16. className . . . . . . . . . . . . . . . . . . . . . . . . 9
4.17. layer2packetSectionOffset . . . . . . . . . . . . . . . . 9
4.18. layer2packetSectionSize . . . . . . . . . . . . . . . . . 9
4.19. layer2packetSectionData . . . . . . . . . . . . . . . . . 10
5. Other Information Elements . . . . . . . . . . . . . . . . . . 10
5.1. Performance Metrics IEs . . . . . . . . . . . . . . . . . 10
5.2. Application Information IEs . . . . . . . . . . . . . . . 10
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
7. Security Considerations . . . . . . . . . . . . . . . . . . . 11
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11
8.1. Normative References . . . . . . . . . . . . . . . . . . . 11
8.2. Informative References . . . . . . . . . . . . . . . . . . 11
Appendix A. XML Specification of IPFIX Information Elements . . . 12
Appendix B. Changes . . . . . . . . . . . . . . . . . . . . . . . 19
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 20
Yourtchenko, et al. Expires August 29, 2013 [Page 2]
Internet-Draft Cisco Information Elements February 2013
1. Introduction
The section 4 of [RFC5102] defines the IPFIX Information Elements in
the range of 1-127 to be compatible with the NetFlow version 9
fields, as specified in the "Cisco Systems NetFlow Services Export
Version 9" [RFC3954]. As [RFC3954] was specified in 2004, it does
not contain all NetFlow version 9 specific fields in the range 1-127.
The question was asked whether IPFIX Devices should exclusively
report the IPFIX IANA IEs [IPFIX-IANA] ? In other words, when
upgrading from a NetFlow metering process to an IPFIX Metering
Process, should the IPFIX Devices stop reporting NetFlow version 9
specific IEs that were not registered in IANA [IPFIX-IANA] ?
This document is intended to fill the gap in this IE range. That
way, IPFIX implementations could export all the IEs specified in
IANA, regardless of the range.
2. Terminology
IPFIX-specific terminology used in this document is defined in
Section 2 of [RFC5101]. As in [RFC5101], these IPFIX-specific terms
have the first letter of a word capitalized when used in this
document.
3. Information Elements Overview
The following Information Elements are discussed in the sections
below:
+----+-----------------------+-----+---------------------------+
| ID | Name | ID | Name |
+----+-----------------------+-----+---------------------------+
| 3 | deltaFlowCount | 84 | samplerName |
| 34 | samplingInterval | 87 | flagsAndSamplerId |
| 35 | samplingAlgorithm | 89 | forwardingStatus |
| 38 | engineType | 92 | srcTrafficIndex |
| 39 | engineId | 93 | dstTrafficIndex |
| 43 | ipv4RouterSc | 100 | className |
| 48 | samplerId | 102 | layer2packetSectionOffset |
| 49 | samplerMode | 103 | layer2packetSectionSize |
| 50 | samplerRandomInterval | 104 | layer2packetSectionData |
| 51 | classId | | |
+----+-----------------------+-----+---------------------------+
Table 1
Yourtchenko, et al. Expires August 29, 2013 [Page 3]
Internet-Draft Cisco Information Elements February 2013
4. Information Elements
4.1. deltaFlowCount
Description:
This Information Element specifies the current number of all Flow
Records that form the parent population as input to the Flow
Selection Process.
Abstract Data Type: unsigned64
ElementId: 3
Semantics: quantity
Status: current
Units: flows
RFC EDITOR NOTE: if the Flow Aggregation for IPFIX document
[I-D.ietf-ipfix-a9n] is published before this, then remove this
entry. This Information Element is similar to 'deltaFlowCount'
there.
4.2. samplingInterval
Description:
Deprecated in favor of 305 samplingPacketInterval. When using
sampled NetFlow, the rate at which packets are sampled - e.g. a
value of 100 indicates that one of every 100 packets is sampled.
Abstract Data Type: unsigned32
ElementId: 34
Semantics: quantity
Status: deprecated
Units: packets
4.3. samplingAlgorithm
Description:
Deprecated in favor of 304 selectorAlgorithm. The type of
algorithm used for sampled NetFlow:
1 - Deterministic Sampling;
2 - Random Sampling.
The values are not compatible with the selectorAlgorithm IE, where
"Deterministic" has been replaced by "Systematic count-based" (1)
or "Systematic time-based" (2), and "Random" is (3). Conversion
is required, see PSAMP parameters [PSAMP-IANA].
Abstract Data Type: unsigned8
ElementId: 35
Semantics: identifier
Yourtchenko, et al. Expires August 29, 2013 [Page 4]
Internet-Draft Cisco Information Elements February 2013
Status: deprecated
4.4. engineType
Description:
Type of flow switching engine in a router/switch:
RP = 0,
VIP/Line card = 1,
PFC/DFC = 2.
Reserved for internal use on the collector.
Abstract Data Type: unsigned8
ElementId: 38
Semantics: identifier
Status: deprecated
4.5. engineId
Description:
VIP or line card slot number of the flow switching engine in a
router/switch. Reserved for internal use on the collector.
Abstract Data Type: unsigned8
ElementId: 39
Semantics: identifier
Status: deprecated
4.6. ipv4RouterSc
Description:
This is a platform-specific field for Catalyst 5000/Catalyst 6000
family. It is used to store the address of a router that is being
shortcut when performing MultiLayer Switching.
Abstract Data Type: ipv4Address
ElementId: 43
Semantics: ipv4Address
Status: deprecated
Reference: [CCO-MLS] describes the MultiLayer Switching.
4.7. samplerId
Description:
Deprecated in favor of 302 selectorId. The unique identifier
associated with samplerName.
Abstract Data Type: unsigned8
ElementId: 48
Yourtchenko, et al. Expires August 29, 2013 [Page 5]
Internet-Draft Cisco Information Elements February 2013
Semantics: identifier
Status: deprecated
4.8. samplerMode
Description:
Deprecated in favor of 304 selectorAlgorithm. The values are not
compatible: selectorAlgorithm=3 is random sampling. The type of
algorithm used for sampling data: 1 - deterministic, 2 - random
sampling. Use with samplerRandomInterval.
Abstract Data Type: unsigned8
ElementId: 49
Semantics: identifier
Status: deprecated
4.9. samplerRandomInterval
Description:
Deprecated in favour of 305 samplingPacketInterval. Packet
interval at which to sample - in case of random sampling. Used in
connection with samplerMode 0x02 (random sampling) value.
Abstract Data Type: unsigned32
ElementId: 50
Semantics: quantity
Status: deprecated
4.10. classId
Description:
Deprecated in favour of 302 selectorId. Characterizes the traffic
class, i.e. QoS treatment.
Abstract Data Type: unsigned8
ElementId: 51
Semantics: identifier
Status: deprecated
4.11. samplerName
Description:
Deprecated in favor of 335 selectorName. Name of the flow
sampler.
Abstract Data Type: string
ElementId: 84
Status: deprecated
Yourtchenko, et al. Expires August 29, 2013 [Page 6]
Internet-Draft Cisco Information Elements February 2013
4.12. flagsAndSamplerId
Description:
Flow flags and the value of the sampler ID (samplerId) combined in
one bitmapped field. Reserved for internal use on the collector.
Abstract Data Type: unsigned32
ElementId: 87
Semantics: identifier
Status: deprecated
4.13. forwardingStatus
Description:
This Information Element describes the forwarding status of the
flow and any attached reasons. The Reduced Size Encoding rules as
per [RFC5101] apply.
The basic encoding is 8 bits. The future extensions
could add one or three bytes. The layout of the basic
encoding is as follows:
MSB - 0 1 2 3 4 5 6 7 - LSB
+---+---+---+---+---+---+---+---+
| Status| Reason code or flags |
+---+---+---+---+---+---+---+---+
Status:
00b = Unknown
01b = Forwarded
10b = Dropped
11b = Consumed
Reason Code (status = 01b, Forwarded)
01 000000b = 64 = Unknown
01 000001b = 65 = Fragmented
01 000010b = 66 = Not Fragmented
Reason Code (status = 10b, Dropped)
10 000000b = 128 = Unknown
10 000001b = 129 = ACL deny
10 000010b = 130 = ACL drop
10 000011b = 131 = Unroutable
10 000100b = 132 = Adjacency
10 000101b = 133 = Fragmentation and DF set
Yourtchenko, et al. Expires August 29, 2013 [Page 7]
Internet-Draft Cisco Information Elements February 2013
10 000110b = 134 = Bad header checksum
10 000111b = 135 = Bad total Length
10 001000b = 136 = Bad header length
10 001001b = 137 = bad TTL
10 001010b = 138 = Policer
10 001011b = 139 = WRED
10 001100b = 140 = RPF
10 001101b = 141 = For us
10 001110b = 142 = Bad output interface
10 001111b = 143 = Hardware
Reason Code (status = 11b, Consumed)
11 000000b = 192 = Unknown
11 000001b = 193 = Punt Adjacency
11 000010b = 194 = Incomplete Adjacency
11 000011b = 195 = For us
Examples:
value : 0x40 = 64
binary: 01000000
decode: 01 -> Forward
000000 -> No further information
value : 0x89 = 137
binary: 10001001
decode: 10 -> Drop
001001 -> Fragmentation and DF set
Abstract Data Type: unsigned32
ElementId: 89
Semantics: identifier
Status: current
Reference:
See [CCO-NF9FMT] - NetFlow Version 9 Record Format.
4.14. srcTrafficIndex
Description:
BGP Policy Accounting Source Traffic Index
Abstract Data Type: unsigned32
Yourtchenko, et al. Expires August 29, 2013 [Page 8]
Internet-Draft Cisco Information Elements February 2013
ElementId: 92
Semantics: identifier
Status: current
Reference:
BGP policy accounting as described in [CCO-BGPPOL]
4.15. dstTrafficIndex
Description:
BGP Policy Accounting Destination Traffic Index
Abstract Data Type: unsigned32
ElementId: 93
Semantics: identifier
Status: current
Reference:
BGP policy accounting as described in [CCO-BGPPOL]
4.16. className
Description:
Deprecated in favor of 335 selectorName. Traffic Class Name,
associated with the classId Information Element.
Abstract Data Type: string
ElementId: 100
Status: deprecated
4.17. layer2packetSectionOffset
Description:
Layer 2 packet section offset. Potentially a generic packet
section offset.
Abstract Data Type: unsigned16
ElementId: 102
Semantics: quantity
Status: current
EDITOR'S NOTE: [I-D.ietf-ipfix-data-link-layer-monitoring] contains
a corresponding field 'sectionOffset' with a better description.
One solution is to assign the value 102 for the 'sectionOffset' in
[I-D.ietf-ipfix-data-link-layer-monitoring].
4.18. layer2packetSectionSize
Description:
Layer 2 packet section size. Potentially a generic packet section
size.
Yourtchenko, et al. Expires August 29, 2013 [Page 9]
Internet-Draft Cisco Information Elements February 2013
Abstract Data Type: unsigned16
ElementId: 103
Semantics: quantity
Status: current
EDITOR'S NOTE: [I-D.ietf-ipfix-data-link-layer-monitoring] contains
a corresponding field 'sectionObservedOctets' with a better
description. One solution is to assign the value 103 to
'sectionObservedOctets' in
[I-D.ietf-ipfix-data-link-layer-monitoring].
4.19. layer2packetSectionData
Description:
Layer 2 packet section data.
Abstract Data Type: octetArray
ElementId: 104
Status: current
EDITOR's NOTE: [I-D.ietf-ipfix-data-link-layer-monitoring] contains
a corresponding field 'dataLinkFrameSection' with a better
description. One solution is to assign the value 104 to
'dataLinkFrameSection' in
[I-D.ietf-ipfix-data-link-layer-monitoring].
5. Other Information Elements
5.1. Performance Metrics IEs
ElementId: 65 .. 69
Performance metrics will need a consolidation in the industry, based
on RFC6390. Once this consolidation happens, via a separate document
the IEs 65-69 will either be assigned in the IANA registry or their
status will be deprecated.
5.2. Application Information IEs
ElementId: 101
ElementId: 94 .. 97
Please refer to the RFC 6759 [RFC6759]
6. IANA Considerations
This document specifies several new IPFIX Information Elements in the
IPFIX Information Element registry as defined in Section 3 above.
Yourtchenko, et al. Expires August 29, 2013 [Page 10]
Internet-Draft Cisco Information Elements February 2013
The following Information Elements must be assigned:
o IE Number 3 for the deltaFlowCount IE
o IE Number 34 for the samplingInterval IE
o IE Number 35 for the samplingAlgorithm IE
o IE Number 38 for the engineType IE
o IE Number 39 for the engineId IE
o IE Number 43 for the ipv4RouterSc IE
o IE Number 48 for the samplerId IE
o IE Number 49 for the samplerMode IE
o IE Number 50 for the samplerRandomInterval IE
o IE Number 51 for the classId IE
o IE Number 84 for the samplerName IE
o IE Number 87 for the flagsAndSamplerId IE
o IE Number 89 for the forwardingStatus IE
o IE Number 92 for the srcTrafficIndex IE
o IE Number 93 for the dstTrafficIndex IE
o IE Number 100 for the className IE
o IE Number 102 for the layer2packetSectionOffset IE
o IE Number 103 for the layer2packetSectionSize IE
o IE Number 104 for the layer2packetSectionData IE
7. Security Considerations
This document specifies the definitions of several Information
Elements and does not alter the security considerations of the base
protocol. Please refer to the security considerations sections of
RFC 3954 [RFC3954] and RFC 5102 [RFC5102].
However, the export of the sections of the packet payload may
unintentionally change the security assumptions of other protocols.
8. References
8.1. Normative References
[RFC5101] Claise, B., "Specification of the IP Flow Information
Export (IPFIX) Protocol for the Exchange of IP Traffic
Flow Information", RFC 5101, January 2008.
8.2. Informative References
[CCO-BGPPOL]
Cisco, "BGP Policy Accounting and BGP Policy Accounting
Output Interface Accounting Features", <http://
www.cisco.com/en/US/tech/tk365/
Yourtchenko, et al. Expires August 29, 2013 [Page 11]
Internet-Draft Cisco Information Elements February 2013
technologies_tech_note09186a0080094e88.shtml>.
[CCO-MLS] Cisco, "IP MultiLayer Switching Sample Configuration", <ht
tp://www.cisco.com/en/US/products/hw/switches/ps700/
products_configuration_example09186a00800ab513.shtml>.
[CCO-NF9FMT]
Cisco, "NetFlow version 9 Flow-Record format", <http://
www.cisco.com/en/US/technologies/tk648/tk362/
technologies_white_paper09186a00800a3db9.html>.
[I-D.ietf-ipfix-a9n]
Trammell, B., Wagner, A., and B. Claise, "Flow Aggregation
for the IP Flow Information Export (IPFIX) Protocol",
draft-ietf-ipfix-a9n-08 (work in progress), November 2012.
[I-D.ietf-ipfix-data-link-layer-monitoring]
Kashima, S., Kobayashi, A., and P. Aitken, "Information
Elements for Data Link Layer Traffic Measurement",
draft-ietf-ipfix-data-link-layer-monitoring-02 (work in
progress), February 2013.
[IPFIX-IANA]
IANA, "IP Flow Information Export (IPFIX) Entities",
<http://www.iana.org/assignments/ipfix/ipfix.xml>.
[PSAMP-IANA]
IANA, "Packet Sampling (PSAMP) Parameters", <http://
www.iana.org/assignments/psamp-parameters/
psamp-parameters.xml>.
[RFC3954] Claise, B., "Cisco Systems NetFlow Services Export Version
9", RFC 3954, October 2004.
[RFC5102] Quittek, J., Bryant, S., Claise, B., Aitken, P., and J.
Meyer, "Information Model for IP Flow Information Export",
RFC 5102, January 2008.
[RFC6759] Claise, B., Aitken, P., and N. Ben-Dvora, "Cisco Systems
Export of Application Information in IP Flow Information
Export (IPFIX)", RFC 6759, November 2012.
Appendix A. XML Specification of IPFIX Information Elements
<?xml version="1.0" encoding="UTF-8"?>
<fieldDefinitions xmlns="urn:ietf:params:xml:ns:ipfix-info"
Yourtchenko, et al. Expires August 29, 2013 [Page 12]
Internet-Draft Cisco Information Elements February 2013
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:ietf:params:xml:ns:ipfix-info
ipfix-info.xsd">
<field name="deltaFlowCount" dataType="unsigned64"
group=""
dataTypeSemantics="quantity"
elementId="3" applicability="flow" status="current">
<description>
<paragraph>
This Information Element specifies the current number of all
Flow Records that form the parent population as input to the
Flow Selection Process.
</paragraph>
</description>
</field>
<field name="samplingInterval" dataType="unsigned32"
group=""
dataTypeSemantics="quantity"
elementId="34" applicability="flow" status="deprecated">
<description>
<paragraph>
Deprecated in favor of 305 samplingPacketInterval. When using
sampled NetFlow, the rate at which packets are sampled - e.g. a
value of 100 indicates that one of every 100 packets is sampled.
</paragraph>
</description>
</field>
<field name="samplingAlgorithm" dataType="unsigned8"
group=""
dataTypeSemantics="identifier"
elementId="35" applicability="flow" status="deprecated">
<description>
<paragraph>
Deprecated in favor of 304 selectorAlgorithm. The type of
algorithm used for sampled NetFlow: 1 - Deterministic Sampling;
2 - Random Sampling. The values are not compatible with the
selectorAlgorithm IE, where "Deterministic" has been replaced by
"Systematic count-based" (1) or "Systematic time-based" (2), and
"Random" is (3). Conversion is required, see
<REF:PSAMP-IANA>PSAMP parameters.
</paragraph>
</description>
</field>
<field name="engineType" dataType="unsigned8"
group=""
dataTypeSemantics="identifier"
elementId="38" applicability="flow" status="deprecated">
Yourtchenko, et al. Expires August 29, 2013 [Page 13]
Internet-Draft Cisco Information Elements February 2013
<description>
<paragraph>
Type of flow switching engine in a router/switch: RP = 0,
VIP/Line card = 1, PFC/DFC = 2. Reserved for internal use on the
collector.
</paragraph>
</description>
</field>
<field name="engineId" dataType="unsigned8"
group=""
dataTypeSemantics="identifier"
elementId="39" applicability="flow" status="deprecated">
<description>
<paragraph>
VIP or line card slot number of the flow switching engine in a
router/switch. Reserved for internal use on the collector.
</paragraph>
</description>
</field>
<field name="ipv4RouterSc" dataType="ipv4Address"
group=""
dataTypeSemantics="ipv4Address"
elementId="43" applicability="flow" status="deprecated">
<description>
<paragraph>
This is a platform-specific field for Catalyst 5000/Catalyst
6000 family. It is used to store the address of a router that is
being shortcut when performing MultiLayer Switching.
</paragraph>
</description>
<reference>
http://www
.cisco.com
/en/US/pro
ducts/hw/s
witches/ps
700/products_configuration_example09186a00800ab513.shtml
describes the MultiLayer Switching.
</reference>
</field>
<field name="samplerId" dataType="unsigned8"
group=""
dataTypeSemantics="identifier"
elementId="48" applicability="flow" status="deprecated">
<description>
<paragraph>
Deprecated in favor of 302 selectorId. The unique identifier
associated with samplerName.
Yourtchenko, et al. Expires August 29, 2013 [Page 14]
Internet-Draft Cisco Information Elements February 2013
</paragraph>
</description>
</field>
<field name="samplerMode" dataType="unsigned8"
group=""
dataTypeSemantics="identifier"
elementId="49" applicability="flow" status="deprecated">
<description>
<paragraph>
Deprecated in favor of 304 selectorAlgorithm. The values are not
compatible: selectorAlgorithm=3 is random sampling. The type of
algorithm used for sampling data: 1 - deterministic, 2 - random
sampling. Use with samplerRandomInterval.
</paragraph>
</description>
</field>
<field name="samplerRandomInterval" dataType="unsigned32"
group=""
dataTypeSemantics="quantity"
elementId="50" applicability="flow" status="deprecated">
<description>
<paragraph>
Deprecated in favour of 305 samplingPacketInterval. Packet
interval at which to sample - in case of random sampling. Used
in connection with samplerMode 0x02 (random sampling) value.
</paragraph>
</description>
</field>
<field name="classId" dataType="unsigned8"
group=""
dataTypeSemantics="identifier"
elementId="51" applicability="flow" status="deprecated">
<description>
<paragraph>
Deprecated in favour of 302 selectorId. Characterizes the
traffic class, i.e. QoS treatment.
</paragraph>
</description>
</field>
<field name="samplerName" dataType="string"
group=""
dataTypeSemantics=""
elementId="84" applicability="flow" status="deprecated">
<description>
<paragraph>
Deprecated in favor of 335 selectorName. Name of the flow
sampler.
</paragraph>
Yourtchenko, et al. Expires August 29, 2013 [Page 15]
Internet-Draft Cisco Information Elements February 2013
</description>
</field>
<field name="flagsAndSamplerId" dataType="unsigned32"
group=""
dataTypeSemantics="identifier"
elementId="87" applicability="flow" status="deprecated">
<description>
<paragraph>
Flow flags and the value of the sampler ID (samplerId) combined
in one bitmapped field. Reserved for internal use on the
collector.
</paragraph>
</description>
</field>
<field name="forwardingStatus" dataType="unsigned32"
group=""
dataTypeSemantics="identifier"
elementId="89" applicability="flow" status="current">
<description>
<paragraph>
This Information Element describes the forwarding status of the
flow and any attached reasons. The Reduced Size Encoding rules
as per <REF:RFC5101> apply.
</paragraph>
<artwork>
The basic encoding is 8 bits. The future extensions
could add one or three bytes. The layout of the basic
encoding is as follows:
MSB - 0 1 2 3 4 5 6 7 - LSB
+---+---+---+---+---+---+---+---+
| Status| Reason code or flags |
+---+---+---+---+---+---+---+---+
Status:
00b = Unknown
01b = Forwarded
10b = Dropped
11b = Consumed
Reason Code (status = 01b, Forwarded)
01 000000b = 64 = Unknown
01 000001b = 65 = Fragmented
01 000010b = 66 = Not Fragmented
Reason Code (status = 10b, Dropped)
Yourtchenko, et al. Expires August 29, 2013 [Page 16]
Internet-Draft Cisco Information Elements February 2013
10 000000b = 128 = Unknown
10 000001b = 129 = ACL deny
10 000010b = 130 = ACL drop
10 000011b = 131 = Unroutable
10 000100b = 132 = Adjacency
10 000101b = 133 = Fragmentation and DF set
10 000110b = 134 = Bad header checksum
10 000111b = 135 = Bad total Length
10 001000b = 136 = Bad header length
10 001001b = 137 = bad TTL
10 001010b = 138 = Policer
10 001011b = 139 = WRED
10 001100b = 140 = RPF
10 001101b = 141 = For us
10 001110b = 142 = Bad output interface
10 001111b = 143 = Hardware
Reason Code (status = 11b, Consumed)
11 000000b = 192 = Unknown
11 000001b = 193 = Punt Adjacency
11 000010b = 194 = Incomplete Adjacency
11 000011b = 195 = For us
Examples:
value : 0x40 = 64
binary: 01000000
decode: 01 -> Forward
000000 -> No further information
value : 0x89 = 137
binary: 10001001
decode: 10 -> Drop
001001 -> Fragmentation and DF set
</artwork>
</description>
<reference>
See http:/
/www.cisco
.com/en/US
/technolog
ies/tk648/tk362/technologies_white_paper09186a00800a3db9.html -
NetFlow Version 9 Record Format.
</reference>
</field>
<field name="srcTrafficIndex" dataType="unsigned32"
group=""
Yourtchenko, et al. Expires August 29, 2013 [Page 17]
Internet-Draft Cisco Information Elements February 2013
dataTypeSemantics="identifier"
elementId="92" applicability="flow" status="current">
<description>
<paragraph>
BGP Policy Accounting Source Traffic Index
</paragraph>
</description>
<reference>
BGP policy accounting as described in
http://www
.cisco.com
/en/US/tech/tk365/technologies_tech_note09186a0080094e88.shtml
</reference>
</field>
<field name="dstTrafficIndex" dataType="unsigned32"
group=""
dataTypeSemantics="identifier"
elementId="93" applicability="flow" status="current">
<description>
<paragraph>
BGP Policy Accounting Destination Traffic Index
</paragraph>
</description>
<reference>
BGP policy accounting as described in
http://www
.cisco.com
/en/US/tech/tk365/technologies_tech_note09186a0080094e88.shtml
</reference>
</field>
<field name="className" dataType="string"
group=""
dataTypeSemantics=""
elementId="100" applicability="flow" status="deprecated">
<description>
<paragraph>
Deprecated in favor of 335 selectorName. Traffic Class Name,
associated with the classId Information Element.
</paragraph>
</description>
</field>
<field name="layer2packetSectionOffset" dataType="unsigned16"
group=""
dataTypeSemantics="quantity"
elementId="102" applicability="flow" status="current">
<description>
<paragraph>
Layer 2 packet section offset. Potentially a generic packet
Yourtchenko, et al. Expires August 29, 2013 [Page 18]
Internet-Draft Cisco Information Elements February 2013
section offset.
</paragraph>
</description>
</field>
<field name="layer2packetSectionSize" dataType="unsigned16"
group=""
dataTypeSemantics="quantity"
elementId="103" applicability="flow" status="current">
<description>
<paragraph>
Layer 2 packet section size. Potentially a generic packet
section size.
</paragraph>
</description>
</field>
<field name="layer2packetSectionData" dataType="octetArray"
group=""
dataTypeSemantics=""
elementId="104" applicability="flow" status="current">
<description>
<paragraph>
Layer 2 packet section data.
</paragraph>
</description>
</field>
</fieldDefinitions>
Appendix B. Changes
To be removed by RFC Editor before publication
01: initial revision presented at the IETF meeting.
02: removed "flow" from flowSamplerId, flowSamplerMode, and
flowSamplerRandomInterval; updated the related drafts in references;
added the "reference" column to the XML definitions; renamed
fsFlowEntryTotalCount into deltaFlowCount to keep the naming in sync
with draft-trammell-ipfix-a9n. Also minor changes to formatting and
added the IE overview table.
03: updated the references to
draft-claise-export-application-info-in-ipfix, slightly tweaked the
title and removed the unused reference to
draft-ietf-ipfix-flow-selection-tech.
04: sync the references.
Yourtchenko, et al. Expires August 29, 2013 [Page 19]
Internet-Draft Cisco Information Elements February 2013
05: update references to
draft-claise-export-application-info-in-ipfix with reference to
rfc6759, draft-trammell-ipfix-a9n to draft-ietf-ipfix-a9n,
draft-kashima-ipfix-data-link-layer-monitoring to
draft-ietf-ipfix-data-link-layer-monitoring.
Authors' Addresses
Andrew Yourtchenko
Cisco Systems, Inc.
De Kleetlaan, 7
Brussels, Diegem B-1831
Belgium
Phone: +32 2 704 5494
Email: ayourtch@cisco.com
Paul Aitken
Cisco Systems, Inc.
96 Commercial Quay
Edinburgh EH6 6LX
Scotland
Phone: +44 131 561 3616
Email: paitken@cisco.com
Benoit Claise
Cisco Systems, Inc.
De Kleetlaan, 6a b1
Diegem B-1831
Belgium
Phone: +32 2 704 5622
Email: bclaise@cisco.com
Yourtchenko, et al. Expires August 29, 2013 [Page 20]